Analysis

  • max time kernel
    136s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 18:43

General

  • Target

    101c2fd3f8769ded0c8423b204d32d43_JaffaCakes118.html

  • Size

    155KB

  • MD5

    101c2fd3f8769ded0c8423b204d32d43

  • SHA1

    6b1ab326fd80ab7458e2c8f1211f8d4e70f345c3

  • SHA256

    cd05383ff64cfe29044e10de583ae1f2f5ea5b17b52da6a115f240f13427ac49

  • SHA512

    213cb61c6acee51d0811eb8434fe1af8298db07cc322572d538e5c341167823addacf34a7e5f4115106687771abf963241bc75fb361b918b22f4f6941bcd57fe

  • SSDEEP

    1536:ivRTDuvJ96yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:iBE96yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants span file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
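
The "UPX packed file" signature above is a static check on PE headers. The following Python is an added example, not code from the sandbox or from this report, showing the two heuristics a practitioner would implement for it: stock UPX section names (UPX0/UPX1) and, for modified UPX builds that rename sections, the tell-tale shape of the first section (no raw data on disk, large virtual size, the stub's unpack destination). The PE images it parses are constructed in-line from headers only so the example runs offline; they are not the dropped files listed in this report.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
COFF_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_FMT = "<8sIIIIIIHHI"


def build_pe(sections):
    """Construct a minimal PE32 header set for testing (assumed layout, not a real
    sample): DOS header with e_lfanew, PE signature, COFF header, zeroed optional
    header and one section header per (name, VirtualSize, SizeOfRawData) tuple."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b""
    for i, (name, vsize, rawsize) in enumerate(sections):
        table += struct.pack(SECTION_FMT, name.encode("ascii")[:8], vsize,
                             0x1000 * (i + 1), rawsize, 0x400 * (i + 1),
                             0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + optional + table


def parse_sections(pe):
    """Walk the PE headers and return [{name, virtual_size, raw_size}, ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, pe, coff_off)
    off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    out = []
    for _ in range(nsec):
        raw_name, vsize, _va, rawsize, *_ = struct.unpack_from(SECTION_FMT, pe, off)
        out.append({"name": raw_name.rstrip(b"\x00").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": rawsize})
        off += struct.calcsize(SECTION_FMT)
    return out


def upx_indicators(pe):
    """Two heuristics behind a 'UPX packed file' verdict. Stock UPX names its
    sections UPX0/UPX1; modified builds rename them, so also check for the UPX0
    shape: the first section is an empty placeholder on disk (SizeOfRawData == 0)
    with a large VirtualSize that the stub unpacks into. A hit is a reason to
    unpack and look further, not proof of malice."""
    secs = parse_sections(pe)
    reasons = []
    if any(s["name"] in UPX_SECTION_NAMES for s in secs):
        reasons.append("upx_section_names")
    if secs and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] >= 0x1000:
        reasons.append("first_section_empty_on_disk")
    return {"packed": bool(reasons), "reasons": reasons,
            "sections": [s["name"] for s in secs]}


if __name__ == "__main__":
    # Constructed inputs: a stock-UPX layout, a benign layout, and a renamed-UPX layout.
    for label, secs in [
        ("stock upx", [("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7A00), (".rsrc", 0x1000, 0x400)]),
        ("benign", [(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)]),
        ("renamed upx", [(".code", 0x20000, 0), (".data", 0x8000, 0x7A00)]),
    ]:
        print(label, upx_indicators(build_pe(secs)))
```

Run this against a real dropped file by reading its bytes and calling `upx_indicators` on them; a renamed-section hit on its own says "probably packed", and the next step is to unpack (or dump the process from memory, as the memory regions at the end of this report allow) before static analysis.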

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\101c2fd3f8769ded0c8423b204d32d43_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1080
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2452
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:472080 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2328

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e666d33a84d2f3a87fcfa01ca96c25eb

            SHA1

            228f87a2952d51a9a8a056788c4935d82211be78

            SHA256

            a4f125ff36a08aa7bfb1106dddd5b911a884d846f75eb658c3bd4c92f46b06f9

            SHA512

            39ffc667b842561f26b3abd95a848791ffdcfd7599b5936055615079a9ad5be6cd32d658527eaca09d3ccccfc0828d12e3aa2e2d63eb2d21309e8003f9cfeaf2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b70171b005c91345008a4fd9501ebec2

            SHA1

            b53085c5de09f21b097f59a809e340cd6743a9c0

            SHA256

            68125c0cf1a09c08902b76e653877b18d5be53b2656206a906f21fb1e93f38bc

            SHA512

            9661180be5ab73573fcf21ffda68528b56e791df8f86ab15f48a68326e21cb2db804c05458f0bc73681aa4f78ce088621dd1d1f26f2f2f52f1eaf433ee2123c3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            97ea3db5990ef254995ac9028b3114d4

            SHA1

            0d86439aa252b8bebfaa684338da5a7552599621

            SHA256

            87158c7e894db6c7eb12259cb935f2eaa9372339be8e415901bc37b8e1de5ed3

            SHA512

            c901583767c9e7b71b0ffecb7a326d8f9f9f745a86ccd5ab2109eecaa5ed6e35fc1f0896b14ca66d64460d245e2f12f1841943aa286fdc9f80248fb01ec342ba

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            616744acb5ffb15328aac16ef03b81ab

            SHA1

            87bfdf8e11b2f47fd7857636a27ba4687e8675f3

            SHA256

            b04b5525f77ff5f54bf06a80f4dd6a395e381d402a33107b301af3077db50224

            SHA512

            504801d5a8c2f714eb5e4d4e45d51f079b9847da93c59bd03ee9a34e91e6ae04aa0b50b8b8ffe033d56a4540d6638f23e1c6ff10bc98324b7f00773070000938

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            dcef1cc7d9737065b698a83dd5492a97

            SHA1

            b248348eb91a364c6f3ed1221bbe7f067fda708a

            SHA256

            60830fc1ef081a25fcb40039d192ea94717c145354c785aa3e2d2e66545a7c72

            SHA512

            d46dba7d546e8a19313e034df7b962ec1e2c524fc7bc222b0b041e82c6e8ca568316adaeb84df0920dbab105535b225c08bfd182582624a510dd497f7c73e95c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c6978e19d8abe7f408c5d20acdd4108b

            SHA1

            304af893f8d36cf6c2b85a7378446a23c3063660

            SHA256

            3d4518db7fc6b8be59ce44c051d1acf59c2b466d8b50913d0bedb78fdd8dd173

            SHA512

            70926504ccb17ef0360162348544c54bb81fe227c2c586561c5bfb9d9d96a7d6f265b9e3f007ae4e48d4215ffdbec1e495fb211891f5e2815cb5e0b1f0a4a9dd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            034c01301da053b573389535b8d5fbc4

            SHA1

            b668a9135e5b52a35d0a1bd17c43f283b2a970ca

            SHA256

            db0ff619870553f72ff1e896a0bab53194bda6a89948419e40d2bb1be9150964

            SHA512

            db49426b52de590dbd8a9702a6c508123ebfd8856367ebaba66c939026c26255a987ab5d74edac73e40246f584adf1d3348388e4a839620226d30fe5b429d340

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            64e29ce93a7823b788065ff5edb6fcc7

            SHA1

            b48527f75bc88d7d6623c657d6ee78515eda5583

            SHA256

            4c885f0baed9e060a786b51552b5bce74ce6d100a8817d987b0286cdcaf6e742

            SHA512

            0633ab1e3a9bf7429069d8510e8da9e3f2fc00e0c00e4f735b20bbdbb3b21f7714dedf0cad52ef24c508de779ac1e695f1ddc5d1844329e64dd92680c61cddfe

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            852329b26106c5e59547c0d0287d3563

            SHA1

            b65883a939a57e647be24fe8e9f99e156ea38064

            SHA256

            6099a6a72b644a6f56ce980d204cfe4a91b0a67f6c3b229894cc8087e2c0b9d5

            SHA512

            d081be3281902d1a7cb398ac22825d5436a8e16f7d7c73e816f09f142e3669c473c7d55ada5bd76c5ca3cc90282b177ca8780d071e6781644166a934e1b5cd80

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            24fbf59d6cdb2599401ef9089a469d89

            SHA1

            52f936ec2d161210a0e06ff352f2af6de35884a8

            SHA256

            8349727ea0bedc39b88dae138c6724a3bf63fed6f4fb4ec95c05805a3f6578b9

            SHA512

            86c444d3c3158433450a5c56a1206bd87d6be75cd52d984aa5df5fbd00fe3c3fc1930ae914b21203e0e6a583250aa284333288dcd72f8dbf96b83d381320fbdc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8fc2b8e9a188fb58a069447e6025de03

            SHA1

            2017fceaac0cfba458bef7e0c541f52a080397bd

            SHA256

            72ee28eb1abb74cc6e0c89e14da9f5b7cf139d77835a993fbfa17d7707154f68

            SHA512

            19c44e6086d0ca7883dad19315ef7da8abd6640098595f7e3cecc097776ee27b1627f8a500ce38d55e01bf18cbf1fda4798139635cdbd92437e06dbda2ecfb46

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            65fbd945cf6ffed7f808b6530eec1fe2

            SHA1

            70d3046de2abee89e7882f121c0ccef609246d16

            SHA256

            5f1cc3fdc3e108b539cad5ae747ea1f58c46bd6caba6ea78428ee727dbe49bb3

            SHA512

            46a069839aa636dcea79e53e5bd805dd4a419478c46ff9f2d991acdaf00a672993875193b16f3e84efc507d1c031f35269a25264813463f144d7f3197f6c4d21

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3c4637afc1c8f858b5fc95a7f2bf04df

            SHA1

            8f34abf0f38f15204490edaae8fcf37d2213c3e8

            SHA256

            edb52840716ea1a95c68ed3aec64884fd5e5e938e8b94f0301d2b125d679e124

            SHA512

            f47ecd588354b64cc7f9ef152dbb72f7e51f88082659da612f8e476eafeefd93f99ab1a7ee5805f03353dfa74b6019ec181aef4257504800d3e74ee8b0fbb871

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            69fc46971281fd18289de35ed3c49a4d

            SHA1

            09089feb79463a4ef076fc2570420ae46e5618d3

            SHA256

            ffa8e14bca597e844384bab77c42dfe9dc4273ccd4a1257d80e82c4e3b89a581

            SHA512

            eb62e61a74da8f4682e86f6522997a33316bbfafa3e51f37c404fefd6e008316c7571b9184da8c172c151d6cd4f71f96398042c37df3f9d58018b46920a0dcd5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            6ec60a924b8502b422b7aece8dc8275b

            SHA1

            2c06995e08923e7d83473617a57912fc21c1c1e9

            SHA256

            c0960fb4b4ac66f57e13ef69fa8b2b7aaf86bca1953d4a286a9fb6ce32db9849

            SHA512

            cc5f351e451596ed7ba5662c5fadb9cb5e9b264e58a12e79f4107e6753dc32fbb370a6ff1d4a0c338fb6a9b14f510fadce5904d6437546361ec37928e200ebe2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            2ea644ba7c2280b2e4594e832c6a356d

            SHA1

            afa3103d03f1bd42919ca5f23e8852534b2e9544

            SHA256

            96d2a8314367a9628971efab026a7b594dc82f431df3f5ea0ca1728727b2d843

            SHA512

            a424267b8e375db6e89586ce7c804a4cefcf6d37fb8160c736487dca8897c15b460d508e6e91a8e138a13fec3d406f49c7b8006a6ff0311821c853dfa3465e6b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d56e625db37220ea601bf2fb345f6b73

            SHA1

            da2588ab08b7d85b9a1465cd0c6c0eaabe28b3b8

            SHA256

            2981d5428fbf9bac3131961d7a6da3b503952141acc5ae7816d5b8904bbdd54f

            SHA512

            1841dfcea7dfb795e0b52bd0135b1c9cbcfce94a662761bb8e9a4dea94aebd6a79fef46cefa4a4eb14cdc45832370a9df2bbcf2ef124d0b03c5b8c5f8c6e0524

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8046fada3d38477f78749902e433daa5

            SHA1

            5eb6c7dc610a7a57e392ad43559e7037369d189e

            SHA256

            0ae10099251f635983416d7234e09a0c7023713739525e1a4fb740c26bef1b2d

            SHA512

            52cc7c8e6eaae47f9e46b24f15d6c8ce65f5341de0cba38b11c2a1157ac3d64bb261894b357f9f4ffae20a4afd4d7e5ba86f8b5c7521780f7692d5ef71eae26f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a3ec276313c5246d07e44d37ac779d74

            SHA1

            1691457c693f96b7550b0e365971a78750c61d0b

            SHA256

            f199e62e1b7b23ac58deac620b9cdbcb553df6be5dca09ebbde821ff211c807f

            SHA512

            a03ab31ec21dec29db5c945719111c830f434f24f021f657081784d302aee12b50df8a27d6fdb1546a509ef6f4a0d5966201a6f8e9cdd54bf5c0bfd63d4fe85a

          • C:\Users\Admin\AppData\Local\Temp\Cab38C.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\Tar43A.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1080-445-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1080-449-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1080-447-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/2540-437-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2540-444-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2540-435-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2540-434-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB